Re: Pentesting a Citrix Network

From: Erlend J. Leiknes (nookie@online.no)
Date: 03/05/02 

From: "Erlend J. Leiknes" <nookie@online.no>
To: <pen-test@securityfocus.com>, "Franklin DeMatto" <franklin.lists@qDefense.com>
Date: Tue, 5 Mar 2002 06:41:41 +0100

What about setting up a citrix client, and then sniffing the data between
them?

----- Original Message -----
From: "Franklin DeMatto" <franklin.lists@qDefense.com>
To: <pen-test@securityfocus.com>
Sent: Sunday, March 03, 2002 10:53 PM
Subject: Pentesting a Citrix Network

> I'm pentesting a network that includes two Citrix servers on Win 2k. As I
> have no experience whatsoever with Citrix, I thought I'd ask if anyone can
> help me out. The servers listen on port 80, with the following banners:
>
> HEAD / HTTP/1.0
>
> HTTP/1.1 400 Bad request
> Server: Citrix Web PN Server
> Date: xxxx
> Connection: Close
>
> They also listen on the 1494 port (which is designated for citrix)
>
> I was unable to get it to respond to any HTTP request, by hand or with a
> browser.
>
> I'd appreciate if anyone could help me with some of the following
questions
> (again, they may be basic, I have never used Citrix):
>
> Which Citrix product is it? Is there a way to fingerprint it?
> How do I get it to respond to HTTP requests?
> Are there any information disclosure possibilites? How about
> vulnerabilities (i.e. buffer overflows, etc.)?
>
> Any help would be very appreciated!
>
>
>
> Franklin DeMatto
> Senior Analyst, qDefense Penetration Testing
> http://qDefense.com
> qDefense: Making Security Accessible
>
>
> -------------------------------------------------------------------------- 

--
> This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
see:
> https://alerts.securityfocus.com/
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: Pentesting a Citrix Network
    ... > They also listen on the 1494 port (which is designated for citrix) ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: Simulate mouse movement?
    ... If yours is anything like Citrix's implementation of this security ... We wanted to leave them on overnight logged into Citrix to run ... > The screensaver is disabled and I've set the screen to never go blank ... > the mouse by API calls. ...
    (microsoft.public.vb.general.discussion)
  • Re: Least User Priviledges for Network Administrators
    ... We've already covered most of the other security issues that you mentioned. ... We use Citrix in place of TS. ... administer local PCs have rights only on the PC--those accounts have no ... or helpdesk work should never be done under a Domain Admin account, ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Pentesting a Citrix Network
    ... The HTTP server is related to the ... If you take a Citrix ICA ... >> This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: remove security for everyone
    ... It seems like an unusual configuration you have there -- one DC with Citrix ... You will have some security concerns with Citrix on a DC. ... >>Does the secedit tool that Dmitry suggested work? ...
    (microsoft.public.win2000.security)